Pwn2Own Hacking Contest Host, Security Conference CanSecWest Partly Microsoft Sponsored

Monday, March 29, 2010
By OP Editor

Surprise, surprise. “Strange” correlation between sponsorship of security conference CanSecWest and Pwn2Own hacking contest scheduling / negative publicity.

CanSecWest, host of iPhone hacked Pwn2Own contest, sponsored by Microsoft, RIM Blackberry, Google

“iPhone Hacked in 20 Seconds”

Pwn2Own at CanSecWest is known as the hacking contest that started the myths that “Apple products are first to fall,” “iPhone is hacked in 20 seconds,” and “iPhone is first to be hacked.”

Correlation of CanSecWest Sponsorship and Pwn2Own Scheduling

But it turns out that Microsoft, Palm, and Google are sponsors of CanSecWest, the conference that hosts the Pwn2Own contest. In contrast, Apple, Mozilla, and Nokia are not sponsors of CanSecWest.

CanSecWest 2010 sponsors include Microsoft, RIM BlackBerry, Google

Upon further investigation by OP Editor, Pwn2Own scheduling seems to correlate with CanSecWest sponsorship: preferential scheduling for the security conference's sponsors and bias against non-sponsors. We’re not saying Pwn2Own rigged anything, only that there is a correlation.

Table by (Apple, Mac, iPad, iPhone, iPod News):

Pwn2Own 2010 first day scheduling correlation with CanSecWest sponsorship table

[1] It would have been a total joke if Microsoft was left out of the first day, although Microsoft Windows Mobile was left out of all 3 days of the competition.
[2] Pwn2Own sponsor TippingPoint’s President, Alan Kessler, is former President of Palm Inc.

TippingPoint President Alan Kessler former Palm executive

How Does Pwn2Own Choose Hacking Targets

To pretend the contest is unbiased, Pwn2Own / TippingPoint describes how it chooses the contest targets. TippingPointBlog: “The devices, operating systems and browsers we selected for this contest represent those used most frequently in businesses today.”

Despite that claim, this is the Pwn2Own first-day schedule as of March 24, 2010:

CanSecWest Pwn2Own 2010, first day schedule, time slots, biased against Apple

So, as already covered on the myth of iPhone Hacked in 20 Seconds (go to page 2):

On the first day, out of 8 actual slots (there were 9 time slots; slot #6 seems to have been forfeited and later removed), here are the time allocations:

  • 50%: Apple Safari iPhone (1, 2, 3, 8)
  • 25%: Microsoft IE8 Windows 7 (4, 5)
  • 12.5%: Nokia Symbian (7)
  • 12.5%: Mozilla Firefox (9)
  • 0%: Google Android (Motorola Droid / Nexus One)
  • 0%: Google Chrome
  • 0%: RIM BlackBerry
  • 0%: Palm
  • 0%: Microsoft Windows Mobile

So, judging from the first-day scheduling of the Pwn2Own contest, TippingPoint is saying RIM BlackBerry, Google Android, Palm, and Microsoft Windows Mobile Phone are used 0% of the time in business.

Pwn2Own also seems to indicate that Apple products such as the iPhone and Safari browser are used frequently in business today. So, judging from their own words, Apple products are twice as important as Microsoft in terms of business. (Why else would they schedule extra time for Apple?)

Again, TippingPointBlog: “The devices, operating systems and browsers we selected for this contest represent those used most frequently in businesses today.”

Pwn2Own TippingPoint claims devices, operating systems and browsers selected for Apple iPhone hacking contest represent those used most frequently in business today

Pwn2Own Security Contest Scheduling Analysis

On the first day of Pwn2Own, Apple Safari browser got as many time slots as Microsoft Internet Explorer 8 on Windows 7. Apple products are also scheduled earlier than Microsoft products.

Is it because, in terms of web browser importance or market share, Apple Safari is as important as Microsoft Internet Explorer? Or perhaps the contest is structured to produce the deceptive “Apple hacked first” headlines?

Keep in mind that the latest Microsoft Internet Explorer 8 on Windows 7 was hacked on its first attempt, so if IE8 was scheduled first, then Microsoft Windows 7 would have been “hacked first.” However, none of the PC apologists are saying Microsoft IE8 was hacked first on the Windows platform.

Windows Mobile 6.5 from CanSecWest sponsor Microsoft was not even scheduled for the Pwn2Own contest. RIM BlackBerry OS, Google Chrome Browser & Android OS, which are major products from other CanSecWest sponsors, somehow are not scheduled for the first day of the contest either.

What About the Random Drawing?

Yes, there seems to be a video of “random” time slot drawing, but the video doesn’t even show much of the black bag:

Random? Pwn2Own Drawing

Card Tricks

Even if there isn’t a black bag, it’s still possible to get the result they want.

Of course, it could be just the luck of the draw that puts Apple products first. But wait…

Surprise! Pwn2Own Contest Sponsor TippingPoint Predicts Outcome

Before the contest was even under way, TippingPointBlog (TippingPoint is the sponsor of Pwn2Own) sent out press releases predicting the Apple iPhone would be first to fall. Based on the March 16, 2010 TippingPointBlog article, Ars Technica wrote the headline: “iPhone will be first mobile device to fall at Pwn2Own 2010.”

Blog of TippingPoint, sponsor of Pwn2Own claims Apple iPhone will be first to fail despite scheduled random drawing

But how does the contest sponsor know which device will fall first? Why not Windows Mobile?

It just turned out that the iPhone (not Windows Mobile or Windows 7) was scheduled first in the contest. Could it be possible that something is rigged? Perhaps the more likely explanation is that TippingPointBlog can read the future and has seen the outcome of the “random” drawing?

Or, as Don Williams reported, back in 2007, the original Pwn2Own contest was called “Hack-A-Mac.”

Pwn2Own from TippingPoint DVLabs originally called Hack-A-Mac

iPhone Cracked In 20 Seconds My Ass – Try More Like 1,209,600 Seconds! [Don Williams]



4 Responses to “Pwn2Own Hacking Contest Host, Security Conference CanSecWest Partly Microsoft Sponsored”

  1. AlfieJr

    what a fake! the “random drawing”. it is impossible to mix up folded pieces of paper in a small black limp (fabric?) bag like that. the on-camera shaking was pathetically lame, but even more shaking wouldn’t help. the bag is just too small and springy folded paper has tremendous friction, stays put. i know, i’ve done a lot of raffles. only can really mix folded paper like this in a big container with some kind of free-falling tumbling action. otherwise the last papers put in stay on top and are the first ones out. didn’t see the guy trying to dig deep either – that takes more time and he was going too fast. they didn’t show us the bag loading either. one person obviously wrote all the names, so they knew what order they put them in the bag.

    so of course they put their favored hackers’ names in last. charlie miller is #2 – surprise!

    the fix was in.

  2. Imapolicecar

    Interesting. I had assumed it was a free-for-all full of hundreds of hackers all simultaneously working on hacks. So, when it says, “product X hacked in seconds,” I had always assumed that it was because it was inherently insecure and that first to fall was something significant.

    Instead you are telling me it’s a managed, pre-meditated spotlight hack where they are done sequentially. Not only is that generally gross misreporting but more to the point, “Where’s the fun in hacking/cracking gone these days?” :-(

